[gentoo-soc] Okupy - Report #7

[gentoo-soc] Okupy - Report #7

[Theo Chatzimichos]

[-- Attachment #1: Type: text/plain, Size: 2389 bytes --]

Quick summary:

I'm writing a CMS for the Gentoo website, that will offer an LDAP web 
interface, plus it will replace Gorg and provide Beacon as WYSIWYG editor to 
edit the XML file

There were some serious bugs in the edit account page. The ACL is very complex 
there, since there are public attributes (accessed by everyone), semi-private 
attributes (accessed by the user only and the admins (eg. birthday)), and 
private ones (accessed only by admins). Keep in mind that everything is 
configurable, but there is some duplication between the Django and LDAP ACL, 
since there is no easy way to parse the LDAP slapd.conf yet, we need to 
migrate our infra to cn=config first, which is a not easy long term task. The 
bug was not in the LDAP part, remember that the user changes his/others' (in 
case he has the right privs) attributes with his own account, not by using a 
global admin account. The bug was in the Django part, where the system 
expected to be able to change some data, and weird error messages/exceptions 
were thrown out. Unfortunately this is not complete yet, it needs more 
investigation in order to ensure we are not opening any security holes here. 
The good news is that I tested with our current official configuration, and 
various tweaks on it, and seems to perform fine. Plus, it seems ready for the 
improvements I intend to do (for adding regular users in LDAP etc).

I was also able to plug in some CSS/JS written by my mentor. It is just some 
preliminary work, nothing complete yet, we'll need more help on this, 
especially from people with some experience in web design stuff.

Beacon didn't work out as expected. It became too complex, consisting of lots 
of JS and XSLT, for reading the XML files and printing them. It even stores 
accounts in its own DB to keep track of the documents that users edit. This 
was way out of our needs, we just need the WYSIWYG part only and plug it in in 
a separate web app. Obviously in its current state it is not a workable 
solution without significant additional effort. What we could do for now is to 
split some parts of its code, like the python scripts for converting XML to 
HTML and the opposite, which is also not an easy task.

I must admit that I am really happy that the GSoC is coming to its end, and 
the real fun begins :)
-- 
Theo Chatzimichos | blog.tampakrap.gr
Gentoo KDE/Qt, Planet, Overlays

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]